4.9

CVE-2013-3228

The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Updaterc6 Version <= 3.9
LinuxLinux Kernel Version3.9 Updaterc1
LinuxLinux Kernel Version3.9 Updaterc2
LinuxLinux Kernel Version3.9 Updaterc3
LinuxLinux Kernel Version3.9 Updaterc4
LinuxLinux Kernel Version3.9 Updaterc5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.39% 0.305
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:C/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html
http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html
http://www.openwall.com/lists/oss-security/2013/04/14/3
http://www.ubuntu.com/usn/USN-1837-1
https://lkml.org/lkml/2013/4/14/107
Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=5ae94c0d2f0bed41d6718be743985d61b7f5c47d
https://github.com/torvalds/linux/commit/5ae94c0d2f0bed41d6718be743985d61b7f5c47d